Modern information systems depend on unique identifiers to distinguish individuals. While this provides important benefits, it can impact personal privacy and lead to identity theft. These risks are increased when organizations use common identifiers to uniquely identify individuals, for this allows cross-linking and aggregation of multiple, independent information sources. For example, the social security number (SSN) issued by the United States has been used as an identifier for a variety of different purposes including as a student identification (ID) number, employee ID number, driver's license number, insurance plan ID number, and the like. Even when an organization does not adopt the SSN as its ID, it still may require it so that government mandated reports can be filed at the individual level. Organizations routinely collect personal identifiers issued by various public and corporate entities, such as passport numbers, military ID numbers, insurance coverage ID numbers, and credit card numbers. Each additional identifier facilitates the cross-linking to other information systems, which increases the risk of identity theft.
While organizations have a responsibility to store sensitive data securely there are numerous instances where large, corporate information systems have been breached. For instance, between January 2005 and August 2008 over 1,000 reported security breaches exposed more than 244 million records containing sensitive personal information. While exposure of personal data can impose real hardship for affected individuals, such breaches are also a source of significant liability and cost to owners of compromised systems.
The underlying problem is that individuals have lost control over their personal identifiers (PIs). The purpose of a PI is to uniquely identify an individual to the issuing organization, be it a social security agency, a credit card company, an insurance firm, or the like. However, once individuals disclose their PI to the third party they lose control over how it is used.
It is common for organizations to request multiple forms of identification, each certifying a different attribute of the individual, and issued by different independent agents. For example:                Individuals are often asked for a driver's license when making a check or credit card purchase.        Patients must produce insurance cards, a driver's license or some other form of ID, and a credit card to receive medical services.        State Departments of Motor Vehicles (DMV) require multiple forms of ID to grant services. For example, the South Carolina DMV requires a minimum of five separate forms of approved ID documenting different characteristics, namely: name and date of birth, social security number, citizenship, residency within the state, and proof of automobile liability insurance. In cases where the applicant's name has changed since birth, the applicant must also provide additional documentation.        
Regulatory bodies are often obligated by law to uniquely identify and track individuals. For example the Internal Revenue Service (IRS) is charged with collecting taxes, and the Department of Health and Human Services (HHS) is charged with monitoring and protecting the health of the nation. To satisfy regulatory obligations, organizations are required to include unique individual identifiers on transactional reports. Non-government organizations have similar legitimate needs to uniquely identify and track individual activities (e.g., prevent fraud, provide audit trails, etc.).
It is desirable to balance society's informational needs with the individual's desire to limit unauthorized access to her personal data. Organizations are challenged to authenticate individuals' credentials and fulfill reporting responsibilities without direct access to unique identifiers or personal characteristics of the individual.
Presently the primary method for asserting identity in electronic transactions is through a digital certificate, which identifies its owner, authorizes certain rights or privileges, and may incorporate a tracking number. Unlike traditional certificates in the non-digital world (e.g., driver's licenses, passports, and library cards), digital certificates incorporate a mechanism that allows the owner to demonstrate ownership, namely the certificate owner's public key which is contained within the certificate. This key can be used in a challenge/response sequence to verify that the individual has access to the corresponding private key, thereby demonstrating ownership of the certificate.
At least three entities have a direct interest in the integrity of transactions executed using digital certificates, namely the certificate owner, certificate consumer (e.g., merchants, employers, benefit providers, insurance firms, etc.), and regulatory entities that are obligated to monitor some aspect related to the transaction (e.g., taxation authorities, stock market regulators, health departments, etc.). Based on a review of the published literature, current legislation, and the recent literature related to personal privacy, Table 1 summarizes these constituents' needs with respect to the design of a digital identity certificate and the specific certificate properties required to meet these needs.
Existing certification systems are not designed to mask certificate ownership. In fact, they are designed to do the exact opposite. Traditional non-digital certificates such as passports, driver's licenses, social security cards, etc. have identification numbers uniquely issued to a single individual, specifically to maintain the one-to-one mapping between the certificate and its owner. Similarly, conventional digital certificates are designed to associate a specific individual to his or her public encryption key embedded in the certificate. Although specialized digital certificates with unique features and capabilities have been developed, none address all of the desirable features of privacy preserving certificates identified in Table 1.
For instance, several types of digital certificates have been developed to address specific needs, especially those that arise in electronic transaction environments. In electronic environments, identification and authentication are problematic. Public key encryption technology authenticates authorship, provides confidential communication, recognizes unauthorized modification of a document, and executes legally binding and enforceable digital contracts. For these benefits to be realized, there is a need to provably associate an individual with his or her public key. This is the role of the digital certificate.
Digital certificates are documents created by a certificate authority (CA) and certify that a specific public encryption key belongs to a certain individual or organization. The CA could in principle be any trusted third party possessing a set of public/private keys. The level of trust in a certificate, be it a physical or a digital one, depends on the reputation of its issuer, the auditable procedures by which the certificate can be obtained, and the level of difficulty with which the certificate can be forged.
Once the CA has verified the identity of the individual, the digital certificate would be generated. Information uniquely identifying the individual is immutably embedded in the certificate itself. The widely used, standards-based X.509 v3 digital certificate specifies the structure of the certificate and mechanisms used in its creation. Assuming the technology is secure, it is not possible to falsify a digitally signed document. The individual can prove certificate ownership by demonstrating access to the companion private key associated with the embedded public key. Mechanisms have also been developed for the revocation of issued certificates.
In addition to the standard X.509v3 certificate, other specialty digital certificates have been developed with unique characteristics. Four of these specialty certificates are discussed below, and are included in Table 2 which summarizes the different features of each.
As its name implies, the attribute certificate (AC) is a version of X.509 certificate designed to certify an attribute, or a set of attributes such as group membership, role, security clearance, or other authorization information associated with the AC holder. It is similar to a public key certificate (PKC), except it does not contain a public key. The AC contains the holder's identity, which is digitally signed, and the set of certified associated attributes. The lack of a public key prevents authentication of the holder. This limitation can be addressed by binding it to a PKC.
The properties of an AC are similar to a PKC. The level of trust depends on the reputation of its issuer, the auditable procedures by which the certificate can be obtained, and the level of difficulty with which the certificate can be forged. As with PKC, revocation mechanisms are defined. Since ACs are not designed to certify identity, the ability to detect collusion, prevent pooling and support aggregation is limited, being dependent in part on the embedded identity of the holder.
Unlike conventional digital certificates that provably link a specific individual to her public encryption key, a blind certificate is an authenticated token that does not contain any identity information and is created in such a manner that neither the CA nor anyone else can determine its ownership. As such they are equivalent to a bearer instrument, and do not provide any means for holding the certificate owner accountable. Taking advantage of this characteristic, blind certificates have been used to create digital cash, where banks sign blinded tokens to create a digital form of untraceable, digital money.
Variations of blind certificates have been proposed to extend the usefulness of the scheme. For instance, encryption methods necessary to create limited use certificates have been provided. This type of certificate can be used only a pre-determined number of times before its subsequent use reveals its owner's identity (in this sense, digital cash is a single-use certificate). To prevent lending of limited use certificates, it has been proposed that the owner be required to embed some valuable secret (such as access keys to escrow funds). Consequently, the certificate owner would have an incentive to conceal this information and therefore be less likely to lend the certificate. For transactions in person, the use of embedded soft biometric information has been proposed. Soft biometrics are defined as nondistinctive, limitedly permanent human traits such as gender, age, hair color, weight, and height. Revealing a portion of the embedded soft biometrics would limit the ability of individuals other than the rightful owner from using the certificate. Thus, inclusion of biometric information makes it more difficult to lend a certificate.
The fair blind signing protocol introduces a trusted third party such as a judge, who can ‘unblind’ the certificate in cases where the certificate owner violates the law or does not perform in accordance with a contract. In this way fair blind certificates solve the problem of accountability. Unfortunately, the fair blind signing procedure is inefficient, requiring substantial communication between the certificate holder and the CA. Also, fair blind certificates do not satisfy regulatory reporting requirements. For example, to prevent money laundering and other illegal financial transactions, the IRS requires financial organizations to report large monetary transactions. If transactions are executed using either blind or fair blind certificates, the identity of the transacting parties is hidden, or may not be known with certainty. It is not clear that any regulatory agency would rely on a third party to gain access to information that it is entitled to by law. Also, fair blind certificates do not prevent inappropriate pooling of certificates obtained by multiple individuals, and it may be impossible to ascertain if multiple certificates were issued to the same individual.
With concerns over privacy issues growing, new approaches for how to enhance user control over the identity information carried in a certificate are needed. The user-centric concept aims to provide stronger user control and privacy. A general privacy-enhancing certificate framework to realize the controlled release of certified information has been provided. In this framework, the user has control over which attributes to be certified and revealed in the certificate, and the relations over the attributes are checked to ensure that no side information but only the specified information is revealed. However, the user-centric certificate still reveals some identity information as the user permits.
Thus, a need exists for systems and methods that do not expose any identity information about the user, thus ensuring better privacy protection.